On Fri, 2003-10-31 at 21:04, Matthew Galgoci wrote:
> You can bump up the max connections tracked via the sysctl
> /proc/sys/net/ipv4/ip_conntrack_max, which defaults to 16352 (at least on my kernel).
>
> Think about what would happen if your mail server is doing mail to hundreds of hosts, each
> connection out or in taking 1 slot in the table, and each mail required multiple DNS lookups,
> each of which requires a connection to be tracked.
>

Thanks. An interesting aside that - perhaps - you could comment on was offered by an IPTables devotee. His claim is that I caused these problems by introducing eth0:1 into the server (I have two interfaces with three internal IPs). His suggestion was to add the virtual IP through "IP add", avoiding ifcfg/ifconfig. Apparently, this method can create multiple IPs on a device that are all peers (for lack of a better term).

In fact, I noticed a consistent inconsistency between NAT and the actual incoming interface, where the incoming IP was correct but showed up on the wrong interface in the logs.

I find all of this a bit bewildering because - if correct - it means that ifconfig is inherently flawed - I think. Frankly, I lack the skills to fully appreciate or diagnose the matter. If I have some time next week, I'll experiment on a laptop.
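The table-exhaustion scenario from the quoted reply above (SMTP connections plus the DNS lookups each one triggers), as an added example that is not part of the original message: a shell function that counts tracked connections per protocol and destination port and reports how full the table is against the maximum. The function names and the sample entries are constructed for illustration; the entries follow the layout of /proc/net/ip_conntrack on kernels of that era.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Summarise a connection-tracking dump: entries per protocol/destination
# port, then table usage relative to ip_conntrack_max.

# conntrack_summary FILE MAX
#   FILE: text in /proc/net/ip_conntrack layout ("-" reads stdin)
#   MAX:  value read from /proc/sys/net/ipv4/ip_conntrack_max
conntrack_summary() {
    awk -v max="$2" '
        NF == 0 { next }                      # skip blank lines
        {
            proto = $1; dport = "-"           # "-" for protocols without ports
            # The first dport= field belongs to the original direction.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^dport=/) { dport = substr($i, 7); break }
            count[proto "/" dport]++
            total++
        }
        END {
            cmd = "sort -k2,2nr -k1,1"        # busiest service first
            for (k in count) printf "%s %d\n", k, count[k] | cmd
            close(cmd)
            pct = (max > 0) ? 100 * total / max : 0
            printf "total %d max %d used %.1f%%\n", total, max, pct
        }
    ' "$1"
}

# Constructed sample: three SMTP sessions and the DNS lookups around them.
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=32801 dport=25 src=198.51.100.7 dst=192.0.2.10 sport=25 dport=32801 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.9 sport=32802 dport=25 src=198.51.100.9 dst=192.0.2.10 sport=25 dport=32802 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=203.0.113.4 dst=192.0.2.10 sport=40111 dport=25 src=192.0.2.10 dst=203.0.113.4 sport=25 dport=40111 [ASSURED] use=1
udp      17 28 src=192.0.2.10 dst=192.0.2.53 sport=1025 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=1025 use=1
udp      17 27 src=192.0.2.10 dst=192.0.2.53 sport=1026 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=1026 use=1
udp      17 25 src=192.0.2.10 dst=192.0.2.53 sport=1027 dport=53 [UNREPLIED] src=192.0.2.53 dst=192.0.2.10 sport=53 dport=1027 use=1
udp      17 24 src=192.0.2.10 dst=192.0.2.53 sport=1028 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=1028 use=1
EOF
}

# Demo against the default maximum quoted in the thread.
sample_conntrack | conntrack_summary - 16352
```

On a live system of that kernel generation, the same function can be pointed at /proc/net/ip_conntrack with the value read from /proc/sys/net/ipv4/ip_conntrack_max.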